Category: cyber crime

Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data. Google filed a lawsuit against a cybercriminal group largely based in China that is behind a massive text message phishing operation, or “smishing.” The organization uses a phishing-as-a-service kit named “Lighthouse” to steal sensitive financial information by sending…

New Danabot Windows version appears in the threat landscape after May disruption

November 12, 2025

DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May. DanaBot has resurfaced with a new variant (version 669) targeting Windows systems, six months after Operation Endgame disrupted its activity in May, according to Zscaler ThreatLabz. The researchers identified a set of command…

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

November 12, 2025

“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), also known as the “Bitcoin Queen,” to 11 years and eight months in jail for laundering $7.3B from a crypto scam that defrauded 128K…

Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach

November 11, 2025

Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882.

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

November 11, 2025

Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call…

Intel Sues Ex-Engineer for Stealing 18,000 ‘Top Secret’ Files

November 10, 2025

Intel, the leading computer chip maker, has filed a lawsuit seeking at least $250,000 in damages from a…

FBI Wants to Know Who Runs Archive.ph

November 8, 2025

The FBI has issued a federal subpoena to domain registrar Tucows, demanding extensive billing and session records to unmask the anonymous operator of Archive.ph (Archive.is and Archive.today). The site, known for bypassing paywalls, is now the subject of an undisclosed criminal investigation.

Clop Ransomware group claims the breach of The Washington Post

November 6, 2025

The Clop Ransomware group claims the breach of The Washington Post and added the American daily newspaper to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will…

Norton Crack Midnight Ransomware, Release Free Decryptor

November 5, 2025

Norton finds a flaw in the new Midnight ransomware built from Babuk code and releases a free decryptor to help victims recover files without paying a ransom.

Former cybersecurity firm experts attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

November 5, 2025

U.S. prosecutors charged three Florida men for using BlackCat ransomware to hack and extort five U.S. companies in 2023. U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023. According to Federal prosecutors, the attacks occurred…

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

November 5, 2025

Nine arrested in €600M crypto laundering bust across Europe

November 5, 2025

A coordinated Eurojust-led operation led to nine arrests in Cyprus, Spain, and Germany for laundering €600M in crypto fraud. Authorities in France, Belgium, and Cyprus arrested nine people in a coordinated Eurojust-led operation against a crypto money laundering ring that stole over €600 million. The group ran dozens of fake crypto investment sites that promised…

Crooks exploit RMM software to hijack trucking firms and steal cargo

November 4, 2025

Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and…

Crooks exploit RMM software to hijack trucking firms and steal cargo

November 4, 2025

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

November 3, 2025

Ukrainian Yuriy Rybtsov, aka MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. Ukrainian national Yuriy Igorevich Rybtsov (41), aka MrICQ, an alleged Jabber Zeus developer, was arrested in Italy, lost his extradition appeal, and has been sent to the US to face cybercrime charges. After a…

New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

November 3, 2025

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.

Android Apps misusing NFC and HCE to steal payment data on the rise

November 3, 2025

Zimperium zLabs found 760+ Android apps abusing NFC and HCE to steal payment data, showing a surge in NFC relay fraud since April 2024. Zimperium zLabs researchers spotted over 760 Android apps abusing Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data and commit fraud, showing rapid growth in NFC relay attacks…

North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

November 3, 2025

North Korean hackers from the Famous Chollima group used AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and Web3 companies.

Conduent January 2025 breach impacts 10M+ people

November 3, 2025

Conduent January 2025 breach exposed personal data of 10M+ people, including names, addresses, DOBs, SSNs, and health and insurance info. Conduent January 2025 breach exposed the personal data of over 10M people, including names, addresses, DOBs, SSNs, and health and insurance info. In April 2025, the business services provider Conduent revealed that personal information, including…

Ukrainian extradited to US over Conti ransomware involvement

November 2, 2025

Ukrainian Oleksii Lytvynenko extradited from Ireland to US for alleged role in Conti ransomware after fleeing Ukraine in 2022. Ukrainian national Oleksii Lytvynenko (43) extradited from Ireland to the US, faces charges for alleged involvement in Conti ransomware attacks after fleeing Ukraine in 2022. The man appeared in a US court and was charged with…

Russia Cracks Down on Meduza Stealer Developers

October 31, 2025

Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime.

Russia Arrests Meduza Stealer Developers After Government Hack

October 31, 2025

Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime.

Ukrainian Conti Ransomware Suspect Extradited to US from Ireland

October 31, 2025

Ukrainian man accused of helping run Conti ransomware extradited from Ireland to the U.S. to face charges over global cyberattacks and $150M in ransom payments.

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

October 30, 2025

Dentsu said its U.S. unit Merkle was hit by a cyberattack exposing staff and client data, forcing some systems offline to mitigate the security breach. Japanese multinational advertising and public relations company Dentsu, one of the largest marketing agencies in the world, announced that its U.S.-based subsidiary Merkle suffered from a cyber attack that exposed…

Herodotus Android malware mimics human typing to evade detection

October 29, 2025

Threat Fabric researchers spotted Herodotus Android malware mimicking human typing with random delays to evade detection. Threat Fabric found a new Android malware, named Herodotus, which mimics human typing by adding random delays to evade detection. Herodotus allows operators to takeover devices and bypass behaviour biometrics detection, it is offered as a malware-as-a-service (MaaS). The researchers…

Aisuru botnet is behind record 20Tb/sec DDoS attacks

October 28, 2025

A new Mirai-based IoT botnet, dubbed Aisuru, was used to launch multiple high-impact DDoS attacks exceeding 20Tb/sec and/or 4gpps. In October 2025, the Aisuru Mirai-based IoT botnet launched massive DDoS attacks of over 20Tb/sec, mainly targeting online gaming, cybersecurity firm Netscout reports. The botnet uses residential proxies to reflect HTTPS DDoS attacks. Its nodes are…

US Teen Indicted in 764 Network Case Involving Exploitation Crimes

October 28, 2025

US teen indicted for involvement in extremist “764” network, accused of child exploitation, animal cruelty, and cyberstalking, says the Justice Department.

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

October 28, 2025

Hackers hit Sweden’s power grid operator Svenska kraftnät, stealing data via a file transfer tool. The power grid was not affected. Hackers breached Sweden’s state-owned power grid operator Svenska kraftnät, stealing data from an isolated file transfer system. The power grid operations were not impacted by the cyber incident. The Swedish company on Monday disclosed…

Ransomware payments hit record low: only 23% Pay in Q3 2025

October 28, 2025

Only 23% of ransomware victims paid in Q3 2025, the lowest ever, continuing a six-year decline in payment rates, Coveware reports. Cybersecurity firm Coveware reports that only 23% of ransomware victims paid attackers in Q3 2025, the lowest rate ever recorded. The researchers note this continues a six-year decline in payment rates. After 28% of…

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

October 27, 2025

Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a Linux ransomware binary on Windows systems via legitimate remote tools, bypassing Windows defenses and EDRs. The cross-platform method enables stealthy attacks, stealing backup credentials…

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

October 26, 2025

Safepay group claims the hack of professional video surveillance provider Xortec and added the company to its data leak site. The Safepay group claimed responsibility for hacking German video surveillance provider Xortec and listed the company on its data leak site. The ransomware payment deadline is October 27, 2025. Xortec GmbH, based in Frankfurt with…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

October 26, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter TikTok videos continue to push infostealers in ClickFix attacks 131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion Shifts in the Underground: The Impact…

Everest Ransomware Claims AT&T Careers Breach with 576K Records

October 24, 2025

Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing.

Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand

October 23, 2025

Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid.

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

October 23, 2025

Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed…

Deeper Network Promo Deeper Network Promo

cyber crime, Cybersecurity, Global Security News, infostealer, malware, Security

Rival Hackers Dox Alleged Operators of Lumma Stealer

October 22, 2025

Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth.

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

October 21, 2025

Muji halted online sales after a ransomware attack on its logistics partner Askul, disrupting orders, app services, and website access. Japanese retailer giant Muji suspended online sales after a ransomware attack hit its logistics partner Askul. The cyber incident disrupted deliveries and online store functions, including orders and app services. “Due to a logistics issue…

Winos 4.0 hackers expand to Japan and Malaysia with new malware

October 18, 2025

Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access…

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach

October 18, 2025

Everest claims Collins Aerospace hack hitting EU airports, but its leak site vanishes soon after, sparking takedown speculation. Do you remember the Collins Aerospace supply chain attack that disrupted operations at several major European airports, including Heathrow in London, Brussels, and Berlin? In September, a cyberattack on Collins Aerospace disrupted check-in and boarding systems at…

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach

October 18, 2025

SIMCARTEL operation: Europol takes down SIM-Box ring linked to 3,200 scams

October 18, 2025

Europol’s SIMCARTEL operation shut down a SIM-box network behind 3,200 frauds and €4.5M losses, using 40,000 SIMs for scams and extortion. Europol’s “SIMCARTEL” operation dismantled an illegal SIM-box network tied to over 3,200 fraud cases and €4.5M in losses. The service used 1,200 SIM-boxes with 40,000 SIM cards to supply phone numbers for phishing, investment…

Prosper disclosed a data breach impacting 17.6 million accounts

October 17, 2025

Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users. Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows people to apply for personal loans online, while investors can fund portions of those loans…

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

October 17, 2025

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active…

PowerSchool hacker got four years in prison

October 17, 2025

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3 million from two companies, including PowerSchool. In May, Lane pleaded guilty to hacking two U.S.…

Auction house Sotheby’s disclosed a July data breach

October 17, 2025

Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security breach on July 24, and investigators spent two months determining what data was stolen and…

Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits

October 16, 2025

Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected…

Spanish fashion retailer MANGO disclosed a data breach

October 16, 2025

Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it has over 2,850 stores in 120 countries and 16,400 employees. In 2024, it reported €3.3 billion in revenue and €219 million in profit. Online sales account…

Qilin Ransomware announced new victims

October 15, 2025

Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin…

Harvard hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

October 14, 2025

Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly…

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

October 14, 2025

Police Bust GXC Team, One of the Most Active Cybercrime Networks

October 14, 2025

Spanish Guardia Civil and Group-IB arrest ‘GoogleXcoder,’ the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across the US, UK, Spain, and Brazil.

Astaroth Trojan abuses GitHub to host configs and evade takedowns

October 13, 2025

The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to evade takedowns by pulling fresh configs from GitHub whenever C2 servers are shut down, ensuring…

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

October 13, 2025

Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord. Fortinet FortiGuard Labs researchers spotted Stealit malware campaign abusing Node.js Single Executable Application (SEA) and sometimes Electron to spread via fake game and VPN installers on Mediafire and Discord. Fortinet uncovered the campaign while investigating…

Clop Ransomware group claims the hack of Harvard University

October 12, 2025

The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced it will leak the…

Attackers exploit valid logins in SonicWall SSL VPN compromise

October 11, 2025

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Huntress has observed widespread compromise of SonicWall SSLVPN devices…

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

October 10, 2025

RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, NVRs, CCTV systems, and web servers, active globally since June. Experts noted that the latest…

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

October 9, 2025

ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users via fake Telegram channels and phishing sites posing as popular apps like Google Photos, WhatsApp, TikTok, YouTube. Zimperium named the spyware ClayRat after its C2 server,…

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin. Threat actors are exploiting a critical vulnerability, tracked as CVE-2025-5947 (CVSS score 9.8), in the Service Finder WordPress theme’s Bookings plugin. The plugin (versions ≤6.0) has an authentication bypass issue allowing attackers to log in as any…

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

October 9, 2025

Discord denies massive breach, confirms limited exposure of 70K ID photos

October 9, 2025

Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but…

Discord denies massive breach, confirms limited exposure of 70K ID photos

October 9, 2025

Discord denies massive breach, confirms limited exposure of 70K ID photos

October 9, 2025

Discord denies massive breach, confirms limited exposure of 70K ID photos

October 9, 2025

Discord denies massive breach, confirms limited exposure of 70K ID photos

October 9, 2025

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

October 8, 2025

Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a…

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

October 8, 2025

Deeper Network Promo Deeper Network Promo

Breaking News, cyber crime, data breach, Europe, Global Security News, malware, Security

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

October 8, 2025

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

October 8, 2025

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

October 8, 2025

DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The…

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

October 8, 2025